Bug #96769 Requirement for global SELECT priv to InnoDB Cluster Admin user too permissive
Submitted: 5 Sep 2019 13:58
Modified: 5 Sep 2019 17:51
Reporter: Dennis Sehalic
Status: Not a Bug
Category: Shell AdminAPI InnoDB Cluster / ReplicaSet
Severity: S3 (Non-critical)
Version: 8.0.17
OS: Any
Assigned to: MySQL Verification Team
CPU Architecture: Any

[5 Sep 2019 13:58] Dennis Sehalic
Description:
In MySQL 8.0.17 the admin user for InnoDB Cluster requires SELECT on *.* due to this bug https://bugs.mysql.com/bug.php?id=95265 being resolved. The bug allowed the shell to query table/column info from information_schema for any table in the system. Shell needs to be able to query information_schema to check GR compliance, like tables having primary keys and such.

The problem with global SELECT priv is that organisations that have sensitive data can't give access to the Cluster admin user for operations teams anymore since they would then be able to view the user data in all databases. It would pretty much make it impossible to upgrade MySQL after 8.0.16 for a setup like that.

How to repeat:
Install MySQL 8.0.17

Suggested fix:
Not sure what the best solution would be here. Maybe introduce a new priv for looking at table metadata that satisfies the InnoDB Cluster requirements but doesn't give global SELECT priv?

[5 Sep 2019 17:51] MySQL Verification Team
Hi Dennis,

This is not a bug. MySQL is behaving as expected.

Your use case does make sense in some cases but

> "Not sure what the best solution would be here."

Please think about what would solve your problem and what kind of behavior you would want, and create a feature request (create a new bug report, select severity S4, and explain what exactly you would like).

Thanks
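
The description's concern is which accounts can read every schema. As an added example (not part of the bug report and not MySQL Shell code), this Python audit classifies the scope at which each account holds SELECT, given `SHOW GRANTS` output; all account names, schema names and grant lines below are constructed.

```python
import re

# One line of SHOW GRANTS output with a privilege list and an ON clause.
GRANT_RE = re.compile(
    r"^GRANT\s+(?P<privs>.+?)\s+ON\s+"
    r"(?P<target>\*\.\*|`[^`]*`\.\*|`[^`]*`\.`[^`]*`)\s+TO\s+"
    r"(?P<account>`[^`]*`@`[^`]*`)", re.IGNORECASE)

def select_scope(grant_line):
    """Return (account, scope) if the line grants SELECT, else None.
    scope is 'global' for *.*, 'schema' for `db`.*, 'table' otherwise."""
    m = GRANT_RE.match(grant_line.strip())
    if not m:  # e.g. role grants, which carry no ON clause
        return None
    # Drop column lists such as SELECT (`c1`, `c2`) before splitting on commas.
    privs = re.sub(r"\([^)]*\)", "", m.group("privs"))
    names = {p.strip().upper() for p in privs.split(",")}
    if not names & {"SELECT", "ALL PRIVILEGES", "ALL"}:
        return None
    target = m.group("target")
    if target == "*.*":
        scope = "global"
    elif target.endswith(".*"):
        scope = "schema"
    else:
        scope = "table"
    return m.group("account"), scope

def audit(show_grants_lines):
    """Map each account to the set of scopes at which it holds SELECT.
    Privileges inherited through roles are not resolved here."""
    result = {}
    for line in show_grants_lines:
        hit = select_scope(line)
        if hit:
            result.setdefault(hit[0], set()).add(hit[1])
    return result

def global_readers(show_grants_lines):
    """Accounts that can read user data in all databases."""
    return sorted(a for a, s in audit(show_grants_lines).items() if "global" in s)

SAMPLE = [  # constructed lines in SHOW GRANTS format; accounts are hypothetical
    "GRANT SELECT, RELOAD, SHUTDOWN, PROCESS ON *.* TO `icadmin`@`%` WITH GRANT OPTION",
    "GRANT SELECT ON *.* TO `backup`@`localhost`",
    "GRANT USAGE ON *.* TO `app`@`10.0.0.%`",
    "GRANT SELECT, INSERT ON `shop`.* TO `app`@`10.0.0.%`",
    "GRANT SELECT (`id`, `status`) ON `shop`.`orders` TO `report`@`localhost`",
    "GRANT `ops_role`@`%` TO `oncall`@`%`",
]
```

Running `global_readers` over the grants of every account on a server lists who would be able to view data in all databases, which is the exposure the report is about.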